Log File Names and Locations

Alarm log messages

Alarm log messages are sent when an event occurs that triggers the Firebox to do a command. When the alarm condition is matched, the Firebox sends an Alarm log message to the Traffic Monitor and Log Server, and then does the specified action.

You can set some alarm log messages. For example, you can use Policy Manager to configure an alarm to occur when a specified value matches or is more than a threshold. Other alarm log messages are set by the appliance software, and you cannot change the value. For example, the Firebox sends an alarm log message when a network connection on one of the Firebox interfaces fails or when a Denial of Service attack occurs. For more information about alarm log messages, see the Reference Guide.

There are eight categories of alarm log messages: System, IPS, AV, Policy, Proxy, Counter, Denial of Service, and Traffic. The Firebox does not send more than 10 alarms in 15 minutes for the same conditions.
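
Because of this cap, the number of alarm log messages is only a lower bound on how often a condition matched. The following is an added example, not part of the WatchGuard documentation: it models the cap as a sliding 15-minute window per condition (an assumption, since the page does not say how the window is measured) and uses constructed events and condition labels.

```python
from collections import defaultdict, deque

MAX_ALARMS = 10            # from the page: no more than 10 alarms ...
WINDOW_SECONDS = 15 * 60   # ... in 15 minutes for the same conditions


def throttle(events, max_alarms=MAX_ALARMS, window=WINDOW_SECONDS):
    """Split time-sorted (timestamp_seconds, condition) events into alarms
    that would be sent and a per-condition count of suppressed matches.
    Assumption: a sliding window measured over alarms actually sent."""
    recent = defaultdict(deque)    # condition -> timestamps of sent alarms
    sent, suppressed = [], defaultdict(int)
    for ts, cond in events:
        q = recent[cond]
        while q and ts - q[0] >= window:   # forget alarms older than window
            q.popleft()
        if len(q) < max_alarms:
            q.append(ts)
            sent.append((ts, cond))
        else:
            suppressed[cond] += 1
    return sent, dict(suppressed)


def sample_events():
    """Constructed input: one condition matching every second for 20
    minutes (a flood) plus three isolated matches of another condition."""
    events = [(t, "Denial of Service") for t in range(1200)]
    events += [(t, "System") for t in (30, 400, 1000)]
    return sorted(events)


def summarize(events):
    """Return (alarms sent per condition, matches suppressed per condition)."""
    sent, suppressed = throttle(events)
    counts = defaultdict(int)
    for _, cond in sent:
        counts[cond] += 1
    return dict(counts), suppressed


if __name__ == "__main__":
    counts, suppressed = summarize(sample_events())
    for cond, n in counts.items():
        print(f"{cond}: {n} alarms sent, {suppressed.get(cond, 0)} suppressed")
```

Under this model a sustained flood produces the same handful of alarms as a much smaller burst, so the underlying traffic log messages, not the alarm count, are what indicate the true volume.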

Event log messages

The Firebox sends an event log message because of user activity. Actions that can cause the Firebox to send an event log message include:

Firebox start up and shut down

Firebox and VPN authentication

Process start up and shut down

Problems with the Firebox hardware components

Any task done by the Firebox administrator

Diagnostic log messages

Diagnostic log messages include information that you can use to help troubleshoot problems. There are 27 different product components that can send diagnostic log messages. Using Policy Manager, you can select the level of diagnostic log messages to see in your Traffic Monitor or write to your log file. For information on how to do this, see the Configuration Guide for your appliance software.

Log File Names and Locations

The Firebox® sends log messages to a primary or backup Log Server. The default location for the log file is My Documents\My WatchGuard\Shared WatchGuard\logs.

The name of the log file shows:

If the Firebox has a name, the format of the log file name is FireboxName-date.wgl.xml.

If the Firebox does not have a name, the format of the log file name is FireboxIP-date.wgl.xml.

Starting LogViewer

LogViewer is the WatchGuard® System Manager tool you use to see the log file data. It can show the log data page by page, or search and display by key words or specified log fields. The LogViewer tool is the same for Fireware and WFS appliance software. There are small differences between the two appliance

WatchGuard Technologies Firebox X Log File Names and Locations, Starting LogViewer, Alarm log messages, Event log messages